I've done more searching and can't seem to find anything specific to my question... I apologize if it's been covered before... I couldn't find it.
I'm setting up another RB750 router for use with some amateur radio VOIP servers (again).
It's a basic NAT router config with a PPPoE connection to an ADSL modem. I have NAT working fine and I've added some filter rules to lock down access from the internet to the router.
Next I have been setting up port forwarding to various PCs on the internal network but have come up against a problem I can't remember from when I set up my first RB750.
Alongside other TCP and UDP ports, I am forwarding TCP 443 to an internal address... which works fine, I can access the internal server from outside (I have disabled the RB750 www-ssl service), but it appears that this dstnat entry seems to break access to HTTPS web pages from PCs on the internal network. When it's disabled, web browsing to HTTPS web pages works fine.
What I have done to "fix" this is to add a !192.168.0.0/24 in the src address field, e.g.:
 1   ;;; VK5REX D-Star HTTPS
     chain=dstnat action=dst-nat to-addresses=192.168.0.17 to-ports=443
     protocol=tcp src-address=!192.168.0.0/24 dst-port=443
This makes everything work OK, 443 from the internet to 192.168.0.17 and web browsing OK... but is this the right way to approach the problem? Can someone here tell me more, is this entry forwarding HTTPS requests back to the machine that originated them? I'm wondering what I have done differently.
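
An added example, not part of the original post: a small Python model of how the dstnat matchers decide which packets get rewritten, comparing a rule with only protocol and dst-port, the rule posted above, and a variant that matches on the WAN interface. The interface names `pppoe-out1` and `bridge-lan`, the client address 192.168.0.50 and the documentation-range public addresses are assumptions made for the illustration.

```python
import ipaddress

def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    if rule["protocol"] != pkt["protocol"] or rule["dst-port"] != pkt["dst_port"]:
        return False
    if "in-interface" in rule and rule["in-interface"] != pkt["in_interface"]:
        return False
    src = rule.get("src-address")
    if src:
        negate = src.startswith("!")
        net = ipaddress.ip_network(src.lstrip("!"))
        inside = ipaddress.ip_address(pkt["src"]) in net
        if inside == negate:  # plain match needs inside, "!" match needs outside
            return False
    return True

def final_destination(rule, pkt):
    """Destination after dstnat: rewritten on a match, otherwise unchanged."""
    if matches(rule, pkt):
        return rule["to-addresses"], rule["to-ports"]
    return pkt["dst"], pkt["dst_port"]

BASE = {"protocol": "tcp", "dst-port": 443,
        "to-addresses": "192.168.0.17", "to-ports": 443}
RULES = {
    "port only": BASE,
    "src-address=!LAN": {**BASE, "src-address": "!192.168.0.0/24"},  # rule from the post
    "in-interface=WAN": {**BASE, "in-interface": "pppoe-out1"},      # assumed name
}
# Constructed sample packets (addresses from documentation ranges).
PACKETS = {
    "LAN PC -> internet HTTPS": {"protocol": "tcp", "src": "192.168.0.50",
        "dst": "203.0.113.10", "dst_port": 443, "in_interface": "bridge-lan"},
    "internet -> router:443": {"protocol": "tcp", "src": "198.51.100.7",
        "dst": "192.0.2.1", "dst_port": 443, "in_interface": "pppoe-out1"},
}

def evaluate():
    """Map (rule name, packet name) to the post-dstnat destination."""
    return {(r, p): final_destination(rule, pkt)
            for r, rule in RULES.items() for p, pkt in PACKETS.items()}

if __name__ == "__main__":
    for (r, p), (addr, port) in evaluate().items():
        print(f"{r:18} | {p:26} -> {addr}:{port}")
```

With only protocol and dst-port as matchers, the LAN client's outbound HTTPS connection is rewritten to 192.168.0.17 as well; either additional matcher leaves it untouched while still forwarding inbound traffic.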